Skip to content

Commit

Permalink
test remote-user
Browse files Browse the repository at this point in the history
  • Loading branch information
hmpf committed Mar 1, 2024
1 parent dcc18f9 commit e0b1acc
Show file tree
Hide file tree
Showing 2 changed files with 48 additions and 2 deletions.
2 changes: 1 addition & 1 deletion python/nav/web/auth/remote_user.py
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ def authenticate(request):
return autocreate_remote_user(username)
# Bail out!
_logger.info('User creation turned off, did not create "%s"', username)
return False
return None

# Bail out! Potentially evil user
if account.locked:
Expand Down
48 changes: 47 additions & 1 deletion tests/unittests/general/webfront_test.py
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
import pytest

import nav.web.auth.ldap
from nav.models.profiles import Account
from nav.web import auth
from nav.web.auth import remote_user
from nav.web.auth.utils import ACCOUNT_ID_VAR
Expand Down Expand Up @@ -50,7 +51,9 @@ def test_authenticate_should_return_false_when_ldap_says_no(self):


class TestRemoteUserAuthenticate(object):
def test_authenticate_remote_user_should_return_account_if_header_set(self):
def test_authenticate_remote_user_should_return_account_if_header_set_and_account_exists(
self,
):
r = RequestFactory()
request = r.get('/')
request.META['REMOTE_USER'] = 'knight'
Expand All @@ -61,6 +64,49 @@ def test_authenticate_remote_user_should_return_account_if_header_set(self):
):
assert remote_user.authenticate(request) == REMOTE_USER_ACCOUNT

def test_authenticate_remote_user_should_return_account_if_header_set_and_account_exists_regardless_of_autocrate(
self,
):
r = RequestFactory()
request = r.get('/')
request.META['REMOTE_USER'] = 'knight'
with patch("nav.web.auth.remote_user._config.getboolean", return_value=False):
with patch(
"nav.web.auth.Account.objects.get",
new=MagicMock(return_value=REMOTE_USER_ACCOUNT),
):
assert remote_user.authenticate(request) == REMOTE_USER_ACCOUNT

def test_authenticate_remote_user_should_not_return_account_if_header_set_and_autocreate_off_and_account_missing(
self,
):
r = RequestFactory()
request = r.get('/')
request.META['REMOTE_USER'] = 'knight'
with patch("nav.web.auth.remote_user._config.getboolean", return_value=False):
with patch(
"nav.web.auth.Account.objects.get",
side_effect=Account.DoesNotExist,
):
assert remote_user.authenticate(request) == None

def test_authenticate_remote_user_should_call_create_account_if_header_set_and_autocreate_on_and_account_missing(
self,
):
r = RequestFactory()
request = r.get('/')
request.META['REMOTE_USER'] = 'knight'
with patch("nav.web.auth.remote_user._config.getboolean", return_value=True):
with patch(
"nav.web.auth.Account.objects.get",
side_effect=Account.DoesNotExist,
):
with patch(
"nav.web.auth.remote_user.autocreate_remote_user",
new=MagicMock(return_value=REMOTE_USER_ACCOUNT),
):
assert remote_user.authenticate(request) == REMOTE_USER_ACCOUNT

def test_authenticate_remote_user_should_return_none_if_header_not_set(self):
r = RequestFactory()
request = r.get('/')
Expand Down

0 comments on commit e0b1acc

Please sign in to comment.